IETF 97, Seoul
Thursday, November 17th 2016, 09:30am - 11:00am local time
Minutes: Ole Troan

Chairs' Introduction
Slides: https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-chairs-slides-02.pptx

Tim Wicinski deputising for Ralph.

* Document status
  Nothing to note.
* Goals
* Agenda
  No comments.

Hybrid Unicast/Multicast DNS-Based Service Discovery, Stuart Cheshire
https://tools.ietf.org/html/draft-ietf-dnssd-hybrid-04
Slides: https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-hybrid-proxy-00.pdf

Question for the group: change the naming of the hybrid proxy?
Suggestion:
    s/Hybrid proxy/Discovery proxy
    and Advertising proxy

Tim Chown: You might call it hybrid discovery proxy?
Comments from room (several): Prefer Discovery proxy.
Chairs:
  1) Hum if you want to change to discovery proxy,
  2) hum if not, or
  3) hum if you want something else.
*All hums in agreement for name change.*

DNS Push Notifications, Stuart Cheshire
https://tools.ietf.org/html/draft-ietf-dnssd-push-09
Slides: https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-dns-push-00.pdf

No comments.

DNS Session Signalling, Stuart Cheshire
https://tools.ietf.org/html/draft-ietf-dnsop-session-signal-01
Slides: https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-dns-sd-session-signal-00.pdf

Ray: I would still prefer to have the full DNS header. It was Mark Andrews who wanted the abbreviated version.
Mark Andrews: It depends on what the opcode is going to do. You need at least 12 or more bytes.
Stuart: It makes sense, will do another round of editing and will go back to the standard 12 byte header.
Mark A: The last 8 bytes can be payload.
Stuart: If the payload is too short you may have to add padding then?
Mark A: You only need one TLV; it is just padding either way.
Stuart: Wireshark/tcpdump will work as expected if the 8 bytes are the standard header; if we used them for payload they wouldn't.
Mark A: I'd be tempted to have a length field after the first 4 bytes.
Stuart: The TLV has length (L), but a 0 length would not meet the 8 byte minimum. ...
Mark A: I'm thinking of the sum of TLV lengths. We can deal with it later.
Ray: We got some ideas on this one. Whatever happens we need a Wireshark update. What Mark said, that 12 bytes was the minimum, was new to me. So we have to take this offline.

Open question 1 (No additional record section) - slide 3
Problem:
    No TSIG
    No EDNS(0)
    No EDNS(0) Padding option for security (RFC 7830)
Opinions on this problem, please discuss on the DNSOP list.
*Question to be resolved on list. Must be resolved before document can proceed.*

Tim C: Interesting to see what other uses will appear when people become aware of this. To be discussed in DNSOP.
Sara Dickinson: We have DNS keepalive defined at the moment. Not a great solution. I see this as completely superseding it.
Rick Taylor: General danger that you are forking the DNS packet format? Let's make it look like the rest of DNS. Separate code path...
Stuart: I'm hearing broad agreement to use the standard 12 byte header.

Open question 2 - does every message require a response?
-> No opinions in the room. Must be resolved on the list.

Open question 3 - Change IDLE TIMEOUT to KEEPALIVE INTERVAL?
-> No comment in room.

Bernie Volz: Question 2. For the TCP case the reply has to be acked, so you aren't winning anything by sending a reply.
Stuart / Bernie: Discussion.
Bernie: The only benefit of sending a reply back is that the client could have a short timeout, because the client would know it gets a reply.
Tim: Carry on that discussion on the DNSOP list.
Chairs: Stuart has promised a new revision.
Stuart: Umm, yes. I'm working on it.

Stuart: The proxy has some shortcomings, e.g. merging links. Discussed possible future directions this work could take.
Ralph Droms (remote): Moving along a spectrum towards a centralized unicast DNS-SD?
Stuart: Yes. Hard to predict. Expected a move to unicast DNS-SD, but vendors appear OK with mDNS. Lots of things have mDNS support but not a DNS Update client.
Stuart: On future roadmap. We've been talking about how this technology can be helpful for Apple's new campus. You don't want to discover everything in a large network. Some sort of sliding window model where I discover where I am, and discover things close to me. I call it an aggregating proxy. ...
Tim: A similar issue at our campus where we have VLAN pooling implemented on the Wireless LAN Controllers, so you can be stood next to someone, yet be in a different subnet.
Ralph: Lots of different ways to put these building blocks together.
Tim: We need a guidance document on how to deploy this in an Enterprise environment.
Ralph: The "aggregate proxy" might have some benefits, possibly being centrally managed.
Stuart: Yes, taking it to its logical conclusion, it can be centrally managed in a big iron server. The server could talk to distributed discovery proxies.
*Open discussion continuing about the possible future of this work.*
Tim: The BCP document on enterprise/campus scalable DNS-SD would be useful to move forward.
Rick Taylor: Use case for advertising proxies. Container use case, where a composite device creates containers for 3rd party devices.
No conclusion.

Privacy Extensions for DNS-SD, Ralph Droms (remote)
https://tools.ietf.org/html/draft-ietf-dnssd-privacy-00
Slides: https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-dns-sd-privacy-01.pptx

Six people have read the DNS privacy draft and the pairing draft.
Tim: *Discussion on how scaling can be done.* We have agreement from an AD that someone in the Security Area is going to do a formal review.
Henning Schulzrinne: Some level of crypto would be required to get this right. And how much pre-configuration would be required?
Tim: If both parties want to communicate this way it is incrementally deployable. The WG needs to keep that in mind.
Ralph: ... You only have to do the set of printers once. It is incremental.
Tim: Described in the pairing document, with the alternative approaches.
Henning S: Can you reuse existing security relationships? Needs review.

Device Pairing Using Short Authentication Strings, Ralph Droms (remote)
https://tools.ietf.org/html/draft-ietf-dnssd-pairing-00
Slides: https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-dns-sd-pairing-protocol-01.pptx

Will also be reviewed in the Security Area.

Stateful Multi-Link DNS Service Discovery, Ted Lemon
https://tools.ietf.org/html/draft-lemon-stateful-dnssd-00
Slides: https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-stateful-multi-link-dns-based-service-discovery-01.pdf

Stuart C: I agree with you. DNS Update seems like a pain in the arse. It is very complicated trying to combine all the updates into something that is efficient. Large precedent to do it over HTTPS.
Tim: Where do we go next on this?
Ted: I think I need to do more homework before the WG takes a serious look at it.
Henning Schulzrinne: Confused what the practical use case is.
Ted: The use case at this point is your device discovers a device inside the home and you want that device to have the same name outside of the home. I want, in my home, to publish services available outside of the home.
Henning/Ted: ...discussing the use case, and vendor implementations / security aspects of publishing it in the DNS.
Stuart: Thanks for doing this Ted, it is interesting. It is a good area to explore. Happy to work with you here.
*Stuart volunteers to work with Ted on the document.*

Discussion: Other drafts, implementations, and next steps, Chairs
- includes recommendations for using the hybrid proxy in campus environments
- noting https://github.com/pusateri/draft-pusateri-hybridproxy-impl/blob/master/draft-pusateri-dnssd-hyp-impl.txt

Chair reviews where we are with other drafts, milestones and outcomes of today.

Close and summary of actions, Chairs

Chair summarizing actions:
1) The hybrid proxy draft will be submitted to the IESG as the DNS-SD Discovery Proxy. Stuart Cheshire to update -05.
2) Stuart will produce a new I-D on the DNS-SD Advertising Proxy.
3) The DNS Push draft is close to being ready for WGLC; chairs to check with authors.
4) Open issues with the DNS Session Signalling draft will be resolved in dnsop; action on Tim Wicinski (dnsop co-chair) to push it forward.
5) Chairs to ensure SAAG review of both privacy drafts happens soon; authors to progress work; TLS decision required; implementation reports expected at IETF 98.
6) New draft required on stitching links together (from a naming perspective); of particular interest in the homenet scenario; chairs to solicit authors.
7) Volunteers required to assist Ralph Droms and Tom Pusateri in producing a -00 of the BCP for enterprise/campus scenarios.
8) Chairs to review WG milestones with AD.
9) Chairs will provide shepherd writeup for the label interop draft so it can go to the IESG.

Meeting closed at 10:54.